All of lore.kernel.org
 help / color / mirror / Atom feed
From: Jason Wang <jasowang@redhat.com>
To: "Edgar E. Iglesias" <edgar.iglesias@xilinx.com>,
	Paolo Bonzini <pbonzini@redhat.com>
Cc: "Peter Maydell" <peter.maydell@linaro.org>,
	"Michael S. Tsirkin" <mst@redhat.com>,
	"Mark Cave-Ayland" <mark.cave-ayland@ilande.co.uk>,
	"QEMU Developers" <qemu-devel@nongnu.org>,
	"Peter Xu" <peterx@redhat.com>,
	"Gerd Hoffmann" <kraxel@redhat.com>,
	"Edgar E. Iglesias" <edgar.iglesias@gmail.com>,
	"Eduardo Habkost" <ehabkost@redhat.com>,
	Qemu-block <qemu-block@nongnu.org>, "Li Qiang" <liq3ea@163.com>,
	"Emilio G . Cota" <cota@braap.org>,
	"Joel Stanley" <joel@jms.id.au>,
	"David Gibson" <david@gibson.dropbear.id.au>,
	"Philippe Mathieu-Daudé" <philmd@redhat.com>,
	"Robert Foley" <robert.foley@linaro.org>,
	"Alistair Francis" <alistair@alistair23.me>,
	"Richard Henderson" <richard.henderson@linaro.org>,
	"Beniamino Galvani" <b.galvani@gmail.com>,
	"Eric Auger" <eric.auger@redhat.com>,
	qemu-arm <qemu-arm@nongnu.org>, "Jan Kiszka" <jan.kiszka@web.de>,
	"Cédric Le Goater" <clg@kaod.org>,
	"Stefan Hajnoczi" <stefanha@redhat.com>,
	"John Snow" <jsnow@redhat.com>,
	"Richard Henderson" <rth@twiddle.net>,
	"Tony Nguyen" <tony.nguyen@bt.com>,
	"Prasad J Pandit" <pjp@fedoraproject.org>,
	"Alexander Bulekov" <alxndr@bu.edu>,
	"Andrew Jeffery" <andrew@aj.id.au>,
	"Laszlo Ersek" <lersek@redhat.com>,
	"Emanuele Giuseppe Esposito" <e.emanuelegiuseppe@gmail.com>,
	"Philippe Mathieu-Daudé" <f4bug@amsat.org>,
	"Andrew Baumann" <Andrew.Baumann@microsoft.com>,
	qemu-ppc <qemu-ppc@nongnu.org>,
	"Klaus Jensen" <k.jensen@samsung.com>,
	"Peter Chubb" <peter.chubb@nicta.com.au>
Subject: Re: [RFC PATCH 00/12] hw: Forbid DMA write accesses to MMIO regions
Date: Fri, 4 Sep 2020 10:50:57 +0800	[thread overview]
Message-ID: <0dc3d4a3-489a-7b96-d07d-4b65b86d0782@redhat.com> (raw)
In-Reply-To: <20200903194629.GH14249@toto>


On 2020/9/4 上午3:46, Edgar E. Iglesias wrote:
> On Thu, Sep 03, 2020 at 07:53:33PM +0200, Paolo Bonzini wrote:
>> On 03/09/20 17:50, Edgar E. Iglesias wrote:
>>>>> Hmm, I guess it would make sense to have a configurable option in KVM
>>>>> to isolate passthrough devices so they only can DMA to guest RAM...
>>>> Passthrough devices are always protected by the IOMMU, anything else
>>>> would be obviously insane^H^H^Hecure. :)
>>> Really? To always do that blindly seems wrong.
>>>
>>> I'm refering to the passthrough device not being able to reach registers
>>> of other passthrough devices within the same guest.
>> Ah okay; sorry, I misunderstood.  That makes more sense now!
>>
>> Multiple devices are put in the same IOMMU "container" (page table
>> basically), and that takes care of reaching registers of other
>> passthrough devices.
> Thanks, yes, that's a sane default. What I was trying to say before is that
> it may make sense to allow the user to "harden" the setup by selectivly
> putting certain passthrough devs on a separate group that can *only*
> DMA access guest RAM (not other device regs).


This makes sens but it requires the knowledge from the management layer 
of whether P2P is needed which is probably not easy.

Thanks


>
> Some devs need access to other device's regs but many passthrough devs don't
> need DMA access to anything else but RAM (e.g an Ethernet MAC).
>
> That could mitigate the damage caused by wild DMA pointers...
>
> Cheers,
> Edgar
>



  reply	other threads:[~2020-09-04  2:52 UTC|newest]

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-09-03 11:08 [RFC PATCH 00/12] hw: Forbid DMA write accesses to MMIO regions Philippe Mathieu-Daudé
2020-09-03 11:08 ` [PATCH 01/12] pci: pass along the return value of dma_memory_rw Philippe Mathieu-Daudé
2020-09-03 11:08 ` [PATCH 02/12] dma: Let dma_memory_valid() take MemTxAttrs argument Philippe Mathieu-Daudé
2020-09-03 11:08 ` [PATCH 03/12] dma: Let dma_memory_set() " Philippe Mathieu-Daudé
2020-09-03 11:08 ` [PATCH 04/12] dma: Let dma_memory_rw_relaxed() " Philippe Mathieu-Daudé
2020-09-03 11:08 ` [PATCH 05/12] dma: Let dma_memory_rw() " Philippe Mathieu-Daudé
2020-09-03 11:08 ` [PATCH 06/12] dma: Let dma_memory_read/write() " Philippe Mathieu-Daudé
2020-09-03 11:08 ` [PATCH 07/12] dma: Let dma_memory_map() " Philippe Mathieu-Daudé
2020-09-03 11:08 ` [PATCH 08/12] docs/devel/loads-stores: Add regexp for DMA functions Philippe Mathieu-Daudé
2020-09-03 11:08 ` [PATCH 09/12] dma: Let load/store DMA functions take MemTxAttrs argument Philippe Mathieu-Daudé
2020-09-03 11:08 ` [RFC PATCH 10/12] exec/memattrs: Introduce MemTxAttrs::direct_access field Philippe Mathieu-Daudé
2020-09-03 11:08 ` [RFC PATCH 11/12] hw/pci: Only allow PCI slave devices to write to direct memory Philippe Mathieu-Daudé
2020-09-03 12:26   ` Paolo Bonzini
2020-09-03 13:18     ` Philippe Mathieu-Daudé
2020-09-03 21:43       ` Paolo Bonzini
2020-09-03 11:08 ` [RFC PATCH 12/12] dma: Assert when device writes to indirect memory (such MMIO regions) Philippe Mathieu-Daudé
2020-09-03 13:51   ` Edgar E. Iglesias
2020-09-03 13:37 ` [RFC PATCH 00/12] hw: Forbid DMA write accesses to MMIO regions Laszlo Ersek
2020-09-03 13:58   ` Peter Maydell
2020-09-03 14:24     ` Edgar E. Iglesias
2020-09-03 15:46       ` Paolo Bonzini
2020-09-03 15:50         ` Edgar E. Iglesias
2020-09-03 17:53           ` Paolo Bonzini
2020-09-03 19:46             ` Edgar E. Iglesias
2020-09-04  2:50               ` Jason Wang [this message]
2020-09-05  2:27 ` Li Qiang
2020-09-08 14:37 ` Stefan Hajnoczi
2020-09-09 13:23   ` Peter Maydell
2020-09-09 13:41     ` Stefan Hajnoczi

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=0dc3d4a3-489a-7b96-d07d-4b65b86d0782@redhat.com \
    --to=jasowang@redhat.com \
    --cc=Andrew.Baumann@microsoft.com \
    --cc=alistair@alistair23.me \
    --cc=alxndr@bu.edu \
    --cc=andrew@aj.id.au \
    --cc=b.galvani@gmail.com \
    --cc=clg@kaod.org \
    --cc=cota@braap.org \
    --cc=david@gibson.dropbear.id.au \
    --cc=e.emanuelegiuseppe@gmail.com \
    --cc=edgar.iglesias@gmail.com \
    --cc=edgar.iglesias@xilinx.com \
    --cc=ehabkost@redhat.com \
    --cc=eric.auger@redhat.com \
    --cc=f4bug@amsat.org \
    --cc=jan.kiszka@web.de \
    --cc=joel@jms.id.au \
    --cc=jsnow@redhat.com \
    --cc=k.jensen@samsung.com \
    --cc=kraxel@redhat.com \
    --cc=lersek@redhat.com \
    --cc=liq3ea@163.com \
    --cc=mark.cave-ayland@ilande.co.uk \
    --cc=mst@redhat.com \
    --cc=pbonzini@redhat.com \
    --cc=peter.chubb@nicta.com.au \
    --cc=peter.maydell@linaro.org \
    --cc=peterx@redhat.com \
    --cc=philmd@redhat.com \
    --cc=pjp@fedoraproject.org \
    --cc=qemu-arm@nongnu.org \
    --cc=qemu-block@nongnu.org \
    --cc=qemu-devel@nongnu.org \
    --cc=qemu-ppc@nongnu.org \
    --cc=richard.henderson@linaro.org \
    --cc=robert.foley@linaro.org \
    --cc=rth@twiddle.net \
    --cc=stefanha@redhat.com \
    --cc=tony.nguyen@bt.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.